Amendments to the Claims



The listing of claims will replace all prior versions, and listings of claims in the 
application. 

1. (Currently Amended) A system for providing access control management
to electronic data, wherein the electronic data is structured in a format that provides
restricted access to the electronic data therein, comprising:

a client-module configured to generate a header comprising a plurality of one or
more sets of encrypted security information corresponding to respective one of a
plurality of groups of users as to who and how a file including the electronic data can be
accessed, and configured to generate an encrypted data portion comprising the file
encrypted with one or more a plurality of file keys, each of the file keys corresponding to
each of the sets according to a predetermined cipher scheme, wherein the header is
associated with coupled to the encrypted data portion to generate a secured file, each set
of the one or more sets of encrypted security information associated with a designated
group of users; and

a server-module configured to obtain a respective one of the file keys file key
associated with a corresponding one of the plurality of groups the designated group of
users and to decrypt only a the set of the plurality of one or more sets of encrypted
security information associated with the respective one of the groups designated group of
users to allow access by the respective one of the groups designated group of users.

2. (Currently Amended) The system as recited in Claim 1, wherein the
plurality of one or more sets of encrypted security information in the header of the
secured file facilitates the restricted access to the file.

3. (Currently Amended) The system as recited in Claim 1, wherein the
plurality of one or more sets of security information is encrypted with a key from the
plurality of one or more file keys associated with the one of a plurality of groups the
designated group of users.

4. (Currently Amended) The system as recited in Claim 3, wherein the one
of a plurality of groups the designated group of users is includes one or more of selected
from a group consisting of a-human users, a-software agents, and a-devices and a group
of users; and wherein the one of a plurality of groups the designated group of users is
granted access privilege to access the file.

5. (Currently Amended) The system as recited in Claim 4, wherein the
plurality of one or more sets of encrypted security information comprises one of the
plurality of the file keys and access rules to the restricted access to the file.

6. (Currently Amended) The system as recited in Claim 5, wherein the file
key is retrieved to decrypt the encrypted data portion in the secured file when the access
privilege of the one of a plurality of groups the designated group of users is within
consistent with access permissions by the access rules.

7. (Previously Presented) The system as recited in Claim 6, wherein the
access rules are expressed in a markup language.

8. (Previously Presented) The system as recited in Claim 7, wherein the 
markup language is Extensible Access Control Markup Language. 

9. (Currently Amended) The system as recited in Claim 7, wherein the
markup language is includes one or more selected from a group consisting of HTML,
XML, and SGML.

10. (Previously Presented) The system as recited in Claim 1, wherein the
secured file is configured to have a file extension identical to what the file originally has 
so that an application designated to access the file can be executed to access the secured 
file. 

11. (Currently Amended) The system as recited in Claim 10, wherein each of
the plurality of one or more sets of encrypted security information comprises a flag to the
application that the secured file being accessed cannot be accessed as it is normally
accessed does.

12. (Previously Presented) The system as recited in Claim 11, wherein the
flag is configured to be placed in a position of the secured file so that the flag will be
accessed first when the secured file is accessed by the application.

13. (Currently Amended) The system as recited in Claim 10, wherein each of
the plurality of one or more sets of encrypted security information comprises the file key
and access rules, the access rules controlling who and how the secured file can be
accessed, and wherein the security information in the header is organized in such a way
that the application is paused, upon detecting that the secured file is being accessed, for
an access control module to determine whether the one of a plurality of groups the
designated group of users requesting the secured file has proper access privileges to do
so with respect to the access rules in the security information.

14. (Previously Presented) The system as recited in Claim 13, wherein the 
access control module operates in a path through which the secured file is confined to be 
loaded into the application. 

15. (Previously Presented) The system as recited in Claim 1, wherein the file
key is a symmetric cipher key. 

16. (Currently Amended) The system as recited in Claim 1, wherein the
electronic data file is one or more of an electronic document, a multimedia file, a set of
dynamic or static data, a sequence of executable code, an image file, streaming audio,
streaming video, executable code, audio files, databases, database tables, database table
records, collections of electronic files; and collections of electronic documents and a text

17. (Currently Amended) A system for providing access control management
to electronic data, wherein the electronic data is structured in a format that provides
restricted access to the electronic data therein, comprising:

a client-module configured to generate a header including an encrypted file key
and a rule block having N encrypted segments, each of the N encrypted segments
including a set of access rules facilitating the restricted access to a file including the
electronic data, wherein N >=1 and an encrypted data portion including the electronic
data encrypted according to a predetermined cipher, and

wherein the header is associated with coupled to the encrypted data portion to 
generate a secured file, and the file key can be retrieved to decrypt the encrypted data 
portion only when the access rules in one of the N encrypted segments are measured 
successfully against access privileges associated with a group of designated users 
accessing the secured file. 

18. (Previously Presented) The system as recited in Claim 17, wherein the
header further comprises a user block having user information identifying who can 
access the secured file. 

19. (Previously Presented) The system as recited in Claim 17, wherein each 
of the N encrypted segments of the rule block comprises policies on how the secured file 
can be accessed.

20. (Previously Presented) The system as recited in Claim 18, wherein the
user block includes N encrypted segments, each including the file key. 

21. (Previously Presented) The system as recited in Claim 20, wherein each
of the N encrypted segments of the user block corresponds to one of the N encrypted 
segments of the rule block. 

22. (Previously Presented) The system as recited in Claim 20, wherein each 
of the N encrypted segments of the user block further comprises a user identification 
identifying who can access the secured document. 

23. (Previously Presented) The system as recited in Claim 20, wherein each 
of the N encrypted segments of the user block further comprises cipher information 
about the predetermined cipher to facilitate a decryption process of the encrypted data 
portion with the file key. 

24. (Previously Presented) The system as recited in Claim 20, wherein the 
access rules in each of the N encrypted segments of the rule block determine at least an 
action with which the secured document can be accessed by the designated group of 
users associated with one of the N encrypted segments of the user block.

25. (Currently Amended) The system as recited in Claim 24, wherein the
action comprises one or more of a open, export, read, edit, play, listen to, or print.

26. (Previously Presented) The system as recited in Claim 20, wherein the
access rules in each of the N encrypted segments of the rule block are expressed in a
markup language.

27. (Previously Presented) The system as recited in Claim 26, wherein the
markup language is Extensible Access Control Markup Language.

28. (Currently Amended) The system as recited in Claim 26, wherein the
markup language is one or more selected from a group consisting of HTML, XML, and
SGML.

29. (Previously Presented) The system as recited in Claim 20, wherein the N
encrypted segments of the user block are respectively encrypted with the file key.

30. (Previously Presented) The system as recited in Claim 29, wherein an
authorized designated group of users associated with one of the encrypted segments of 
the user block can view the access rules of each of the N encrypted segments of the rule 
block when access privilege of the authorized designated group of users is measured 
successfully with the access rules in one of the N encrypted segments in the rule block 
associated with the authorized designated group of users. 

31. (Previously Presented) The system as recited in Claim 30, wherein the
authorized designated group of users can update the access rules of each of the N 
encrypted segments of the rule block. 

32. (Previously Presented) The system as recited in Claim 20, wherein the N 
encrypted segments of the user block remain encrypted every time the secured file is 
stored in a storage space.

33. (Currently Amended) In a system for providing access control
management to electronic data, wherein the electronic data is structured in a format that 
provides restricted access to the electronic data therein, a method for generating the 
format, comprising: 

obtaining a file key; 

encrypting the electronic data with the file key according to a predetermined 
cipher to produce an encrypted data portion; and 

integrating a header comprising a plurality of one or more sets of encrypted
security information with the encrypted data portion to generate a secured file, wherein
the encrypted security information comprises the file key and access rules to control the
restricted access to the electronic data in the secured file, each set of the plurality of one
or more sets of encrypted security information associated with a corresponding one of a
plurality of groups a designated group of users.

34. (Currently Amended) The method of Claim 33, wherein the encrypted
security information comprises user information as to which of the corresponding one of
a plurality of groups a designated group of users can access the secured file.

35. (Currently Amended) The method of Claim 34, wherein the plurality of
one or more sets of encrypted security information can only be decrypted by a key
associated with the corresponding one of a plurality of groups a designated group of
users identified in the user information in the plurality of one or more sets of encrypted
security information.

36. (Currently Amended) The method of Claim 34, wherein the
corresponding one of a plurality of groups of users includes one or
more is a member selected from a group consisting of a-human users, a-software agents,
and a-devices; and wherein the users are is-granted access privileges
to access the secured file.

37. (Currently Amended) The method of Claim 36 further comprising
obtaining the access rules from either a default setting for a file place in which the
secured file is to be placed or a manual setting in accordance with access privilege
associated with a user from the corresponding one of a plurality of groups a designated
group of users who is creating the secured file.

38. (Original) The method of Claim 33, wherein the obtaining of the file key
comprises:

if the secured file is newly generated, generating the file key from the
predetermined cipher; and if the secured file is being stored in a storage place, retrieving
the file key from a memory store; and

deleting the file key from a memory store as soon as the secured file is stored in
the storage place.

39. (Currently Amended) The method of claim 1, wherein each of the
corresponding one of a plurality of groups a designated group of users has different
access privileges.